For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
yunyun.chen avatar image
3 0 0 0

How to generate Signature in Golang any one help me ?

Hi

In Thomson-Reuters-World-Check-One-API-documentation.v2.0 we can see request example and description for it


"Given the above signing text, if a secret key of “1234” is used, the computed HMAC-SHA256 value would be 224B73FC07571E60E8B8D9BAB8107C656D3171F346B96183C665FD4C5330B85D when printed using hex encoding, or Iktz/AdXHmDouNm6uBB8ZW0xcfNGuWGDxmX9TFMwuF0= when printed using base64 encoding."


But i got first value “45F3083DA84B9C129E5B9575EA1AA81B656582E048E5D40F51535143A5985C02”


my golang code:

func HmacSha256(data string, secret string) string {
   h := hmac.New(sha256.New, []byte(secret))
   h.Write([]byte(data))
   sha := hex.EncodeToString(h.Sum(nil))
   sha = strings.ToUpper(sha)
   return base64.StdEncoding.EncodeToString([]byte(sha))
}


What am I doing wrong? @Irfan.Khan

world-checkworld-check-oneauthentication
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

2 Answers

Upvotes
Accepted
Irfan.Khan avatar image
4.2k 7 5 6

V2_HMAC.zip

@yunyun.chen

I tried to generate the hex digest and Base64 signature using my python script and find it to be as follows:

HMAC-->bb3adc06d7878b861f4a872a1e7a357b4cc8aecfa8989065257b9f7d95b5147c

Base64-->uzrcBteHi4YfSocqHno1e0zIrs+omJBlJXuffZW1FHw=


So, the values of HMAC and Base64 mentioned in the API documentation is incorrect and I am working to get those changed.

In the mean time, I would like to tell that the way you are generating the HMAC and Base64 in golang is correct, so you can proceed with writing the code to connect to simple GET request first. Do not worry about the Base64/HMAC signature not matching for the moment, as there are lot of factors involved to get the correct base64, for example: spaces and indentation in the payload also matters a lot.

Are you sure you are trying the correct payload. Try this:

payload := strings.NewReader("{
\n  \"caseId\": \"my customer ID\",
\n  \"name\": \"John Doe\",
\n  \"providerTypes\": [\"WATCHLIST\"]
\n}")

and then add this to your dataToSign variable. After this convert it to a byte class.


I am attaching a python code for your reference.


v2-hmac.zip (656 B)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
Irfan.Khan avatar image
4.2k 7 5 6

@yunyun.chen

Try this code snippet instead:

apiSecret is the API secret and payload is the other data you are blending with API secret.

hmac256 := hmac.New(sha256.New, []byte(apiSecret))
hmac256.Write([]byte(payload))
base64.StdEncoding.EncodeToString(hmac256.Sum(nil))


icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

yunyun.chen avatar image yunyun.chen

The Reault of the example in the documentation ,

"ktz/AdXHmDouNm6uBB8ZW0xcfNGuWGDxmX9TFMwuF0=" when printed using base64 encoding.


But I'm getting this

"RfMIPahLnBKeW5V16hqoG2VlguBI5dQPUVNRQ6WYXAI="

by the 

hmac256 := hmac.New(sha256.New, []byte(apiSecret))
hmac256.Write([]byte(payload))
base64.StdEncoding.EncodeToString(hmac256.Sum(nil))

payload

(request-target): post /v2/cases
host: rms-world-check-one-api.thomsonreuters.com
date: Tue, 07 Jun 2016 20:51:35 GMT
content-type: application/json
content-length: 88
{
  "caseId": "my customer ID",
  "name": "John Doe",
  "providerTypes": ["WATCHLIST"]
}
Click below to post an Idea Post Idea